xenorat | 5244f2ca07b186c6bd6c0ac80a5c8db94bb49ebfc920ce6b2c73e23568aff396 | Triage

Submit
Reports

Overview

overview

Static

static

a2a4e83e35...cs.exe

windows7-x64

a2a4e83e35...cs.exe

windows10-2004-x64

Sharing

General

Target

a2a4e83e35f7cafbc1c73fd179737e80_NeikiAnalytics.exe
Size

45KB
Sample

240518-g6yq3sff71
MD5

a2a4e83e35f7cafbc1c73fd179737e80
SHA1

94f0660549221c8bf48184ea39324ece80053935
SHA256

5244f2ca07b186c6bd6c0ac80a5c8db94bb49ebfc920ce6b2c73e23568aff396
SHA512

426211ae1ee5f20f338613bc3c83afe51481110cc7f6d4fd32b869cdc5f927c831e4596de4ff60c905bc33e314ef8f64896df0681e4b4c380f34c61504ba8052
SSDEEP

768:VdhO/poiiUcjlJIniwzH9Xqk5nWEZ5SbTDahWI7CPW5z:rw+jjgniyH9XqcnW85SbToWI7

Score

10^/10

xenorat rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

a2a4e83e35f7cafbc1c73fd179737e80_NeikiAnalytics.exe

Resource

win7-20240221-en

xenorat rat trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

a2a4e83e35f7cafbc1c73fd179737e80_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

xenorat rat trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

xenorat

C2

damizk.ddns.net

Mutex

Xeno_rat_ndsszcv

Attributes

delay
5000
install_path
appdata
port
7628
startup_name
nothingset

Targets

- Target
  
  a2a4e83e35f7cafbc1c73fd179737e80_NeikiAnalytics.exe
- Size
  
  45KB
- MD5
  
  a2a4e83e35f7cafbc1c73fd179737e80
- SHA1
  
  94f0660549221c8bf48184ea39324ece80053935
- SHA256
  
  5244f2ca07b186c6bd6c0ac80a5c8db94bb49ebfc920ce6b2c73e23568aff396
- SHA512
  
  426211ae1ee5f20f338613bc3c83afe51481110cc7f6d4fd32b869cdc5f927c831e4596de4ff60c905bc33e314ef8f64896df0681e4b4c380f34c61504ba8052
- SSDEEP
  
  768:VdhO/poiiUcjlJIniwzH9Xqk5nWEZ5SbTDahWI7CPW5z:rw+jjgniyH9XqcnW85SbToWI7
Score

10^/10

xenorat rat trojan
- Detects XenoRAT malware
  XenoRAT is an open-source remote access tool (RAT) developed in C#.
  rat
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xenoratrattrojan

behavioral2

xenoratrattrojan

© 2018-2024

Terms | Privacy